Verifies if the recovery mode key is correct.
Description
Recovery mode keys can only be used once; the key will be consumed in the process.
Parameters
$tokenstringrequired- The token used when generating the given key.
$keystringrequired- The unhashed key.
$ttlintrequired- Time in seconds for the key to be valid for.
Source
public function validate_recovery_mode_key( $token, $key, $ttl ) {
global $wp_hasher;
$records = $this->get_keys();
if ( ! isset( $records[ $token ] ) ) {
return new WP_Error( 'token_not_found', __( 'Recovery Mode not initialized.' ) );
}
$record = $records[ $token ];
$this->remove_key( $token );
if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {
return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
}
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
}
if ( time() > $record['created_at'] + $ttl ) {
return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
}
return true;
}
Changelog
| Version | Description |
|---|---|
| 5.2.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.